I keep going to the same topics, since we have the same issues come up again and again. We have discussed the Psychology of Security (all of these topics are also in my book “Too Late You’re Hacked”), in this blog before – just search for Psychology of Security and you will see the posts. … Read more
Patch your software and hardware (portswigger article) Password management – Keep passwords locked – 2FA MFA, Backup and test backups – social engineering – Phishing education (CISA – Cybersecurity& Infrastructure Security AgencyTips) Test your environment Why did i give the patching/upgrade the highest importance, because a policy of upgrading can lead your environment … Read more
What if you have software with a vulnerability that will not be patched? What does this mean? RCE means Remote Code Execution which means the attacker does not have to be on the system to exploit it (this is the most dangerous attack). If you are running Horde webmail to check your email – … Read more
Remember the Exchange server hack from a year ago (post from 3/16/21)? “Exchange Server Attacks Just Beginning?” “Attacks exploiting the flaws were first spotted in January. They initially were limited and targeted, seemingly for espionage: the adversaries primarily targeted specific email accounts. Microsoft attributed the activity to a group it calls Hafnium, believed to operate … Read more
Tips and tricks against a phishing cyberattack is what we need if 80% of all cyberattacks are Phishing email is a lie – attempts to get you to click on a link —– The Code in the link does not go where it says Email tries to trick you into acting fast – so as … Read more
